junkhead

  1. Hi, I think I've had this problem before but can't remember what to do about it. I did a quick search but didn't get any hits so sorry if this is a common question. On my laptop something has happened where Malwarebytes scan ends too quickly, usually in about 6-10 minutes or so, whereas it usually takes 40+ minutes on both my laptop and desktop to do a full scan. Last time this happened something in the settings or somewhere just got unchecked but I can't remember what it was. Any ideas on what to do? Thanks a bunch for any help.
  2. Ok, thanks, if there's nothing that can be done here I will open a new thread in the HJT forum. Here are the dds logs. DDS.txt Attach.txt
  3. Hi, thanks for that. I did come here for help and was advised by an expert here to run Combofix. As far as I know I'm not infected since Combofix has been run. What I'm asking about now is possible after effects of running Combofix. Like I say, I'm not positive it was Combofix that did it since I've also gotten a new modem recently but Combofix has wonked up my system in the past and my laptop, which is connected to the same modem/router that my desktop is, runs fine so I don't think it's a hardware/modem issue. Any help in fixing the lag in my internet connection would be most appreciated.
  4. Hi, I recently ran Combofix to fix a malware infection and I think it might have done something to my internet connection when my computer wakes up from sleeping. When my computer wakes from sleeping now it takes 30-45 seconds to connect to the internet whereas it used to connect right away. I'm not positive it was running Combofix that did it, I also recently installed Skype and Skype has done things to my computer before as well (like not allowing my computer to sleep even when Skype was not on and Skype was not set up to start up automatically. Uninstalling Skype didn't fix the problem and Skype isn't set to start automatically now either. I also ran scans with MSE and Malwarebytes and the scans are coming back clean) but those are the only two things that I can think of. It's not a hardware problem AFAIK because my laptop is connected to the same router that my desktop is and my laptop connects right away after sleeping just like my desktop used to. I've tried doing various tips and tricks after google searches of similar problems, my drivers are updated, etc, but the problem still persists. My question is what should I do? The Windows re-install DVD has different options for stuff like this that stops short of a complete re-install doesn't it? I'm almost to the point of doing a complete re-install of Win7 but don't want to mess with having to get another activation key for Office, etc. Any suggestions? Thanks a bunch for any help.
  5. Ok, I got some help and ran Unhide and the problem is fixed. One last question that I would like to ask if possible, Malwarebytes seems to take a long time to load now, like a couple minutes or something. It's a long time after my other programs load and I deliberately don't have a lot of stuff running on startup, should I uninstall MB and then reinstall it? I remember back when I had McAfee it developed some sort of conflict along the way that made it really slow, has anyone reported similar issues with MB? Thanks again for all the help, I appreciate it very much. You guys are great.
  6. Last note- I think it might have happened after uninstalling Combofix because I don't remember stuff being missing after running Combofix because I was asking about hidden files and folders following running Combofix. So it's possible that it only happened after uninstalling Combofix. Thanks again.
  7. Just a note- I've also tried doing quick fixes from looking online such as right clicking Libraries and selecting 'restore default libraries', etc. Nothing has worked.
  8. One more question- is there any way I can get one on one support? This is my father's computer and having to wait hours and hours between replies (which can end up being days) might not be appreciated if there's something he needs to do. Also I don't think it's a hard drive failure as I opened bittorrent to keep the computer from sleeping during a MalwareBytes scan and the files are being seeded, plus the computer is a desktop and is only a year or two old so it's not some ancient hd or one that has been dropped and/or abused like laptop hd's can be. Thanks again.
  9. I tried doing system restore and it didn't help. It looks like my older restore points are gone, the only one I see is the ComboFix install system restore from yesterday.
  10. Ok, having more problems now. Now my libraries are gone. No 'My Music', no 'My Pictures', etc. 'My Documents' has like two folders in it and most of the files are gone. Any help would be appreciated.
  11. Ahh, sweet relief, thank you so much. Everything works now. It's funny, I was feeling gut-checked the whole time thinking I was going to have to do some big to do to get my system restored and then I thought 'maybe just a restart will work' but I didn't want to do anything without instructions, so thanks again. One other question, if possible- the last virus I got made all my folders translucent or whatever and I don't know how to get them back to normal. I think I remember there being a system-wide way to do it but does that also do folders that should or shouldn't be hidden, like system files? Which do I want- read only or not plus hidden or not? Sorry I didn't say anything about it earlier, I thought from what I remembered from the last time it happened it was only the read-only part that was affected, I didn't realize hidden was selected too. Did that possibly affect the combofix and dds logs? Sorry again if I mucked things up.
  12. I just checked and system restore won't work either.
  13. I ran Combofix but when my computer restarted after running Combofix nothing will open now. No programs will open, not Internet Explorer, Notepad, Paint, etc; they all say 'Illegal operation attempted on a registry key that has been marked for deletion'. Right now I'm using my laptop to post this. I think this is the second time that Combofix has jacked up my computer, the first time I think I had to boot Windows 7 from the installation dvd to run System Restore because my computer kept on randomly restarting after running Combofix. Thanks again for the help.
  14. Thanks a bunch for the help. Here's the log for C:\Users\John\AppData\Roaming\uetrn.dll, I can't find the file for C:\Users\John\AppData\Roaming\apcnap.dll. MalwareBytes says that it quarantined this file, do I need to look somewhere else for it? Neither showed up when I searched for them in the Start menu. Thanks again.

      SHA256: 4df4e7124dada82e1360b35b779ac4be9190600285ebf5b42c693fd262a43754
      SHA1: b84fd2bff483c6d50d52fb15fd9977a9c8b09092
      MD5: 314dac373927cbbb27d67b75e7f94e55
      File size: 1.5 MB ( 1606144 bytes )
      File name: uetrn.dll
      File type: Win32 DLL
      Detection ratio: 5 / 42
      Analysis date: 2012-09-06 01:24:27 UTC ( 0 minutes ago )

      | Antivirus | Result | Update |
      |---|---|---|
      | AhnLab-V3 | - | 20120905 |
      | AntiVir | - | 20120906 |
      | Antiy-AVL | - | 20120905 |
      | Avast | - | 20120905 |
      | AVG | - | 20120906 |
      | BitDefender | - | 20120906 |
      | ByteHero | - | 20120831 |
      | CAT-QuickHeal | - | 20120905 |
      | ClamAV | - | 20120906 |
      | Commtouch | - | 20120906 |
      | Comodo | TrojWare.Win32.Agent.RXKO | 20120905 |
      | DrWeb | Trojan.Packed | 20120906 |
      | Emsisoft | - | 20120906 |
      | eSafe | - | 20120904 |
      | ESET-NOD32 | a variant of Win32/Medfos.DC | 20120905 |
      | F-Prot | - | 20120906 |
      | F-Secure | - | 20120906 |
      | Fortinet | W32/Medfos.BLA!tr | 20120830 |
      | GData | - | 20120906 |
      | Ikarus | - | 20120906 |
      | Jiangmin | - | 20120905 |
      | K7AntiVirus | - | 20120905 |
      | Kaspersky | HEUR:Trojan.Win32.Generic | 20120905 |
      | McAfee | - | 20120906 |
      | McAfee-GW-Edition | - | 20120905 |
      | Microsoft | - | 20120906 |
      | Norman | - | 20120905 |
      | nProtect | - | 20120905 |
      | Panda | - | 20120905 |
      | PCTools | - | 20120905 |
      | Rising | - | 20120905 |
      | Sophos | - | 20120906 |
      | SUPERAntiSpyware | - | 20120905 |
      | Symantec | - | 20120906 |
      | TheHacker | - | 20120905 |
      | TotalDefense | - | 20120905 |
      | TrendMicro | - | 20120906 |
      | TrendMicro-HouseCall | - | 20120906 |
      | VBA32 | - | 20120905 |
      | VIPRE | - | 20120905 |
      | ViRobot | - | 20120905 |
      | VirusBuster | - | 20120905 |
  15. Ok, thanks a bunch for the help. Best, J